防止 SQL 注入
防止 SQL 注入详细操作教程
以下实例为学习防止 SQL 注入,具体代码如下:
# Filename : example.py
# Author by : www.lidihuo.com
import mysql.connector
mydb = mysql.connector.connect(
host="localhost",
user="myusername",
passwd="mypassword",
database="mydatabase"
)
mycursor = mydb.cursor()
sql = "SELECT * from customers WHERE address = %s"
adr = ("Yellow Garden 2", )
mycursor.execute(sql, adr)
myresult = mycursor.fetchall()
for x in myresult:
print(x)
执行以上代码输出结果为:
# Filename : example.py
# Author by : www.lidihuo.com
(10, 'Vicky', 'Yellow Garden 2')